I had previously been using Wondershaper which caused me nothing but issues, so I decided to try this. It seems to work (as far as creating classes and such), but I'm getting an odd string of iptables errors when I launch it, and I have no clue what it's trying to tell me:

Code:

triforce ~ # ./fairnat.sh
iptables v1.4.13: host/network `.2' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.2' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.3' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.3' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.4' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.4' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.5' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.5' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.6' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.6' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.11' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.11' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.12' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.12' not found
Try `iptables -h' or 'iptables --help' for more information.

Has anyone used this before, or have any idea how I can make it tell me which line in the script is causing it so I can look and see what it's trying to do that's failing?

Last edited by Akaihiryuu on Sat Jun 16, 2012 11:02 pm; edited 1 time in total

Ok, I moved the ! to before the --tos and that is working without an error also.

well, that may work but is it the intention of this particular script, and if it is the intention why was the 'not' after the --tos. The question being, how did it get released with such a syntax. So can you trace what its intent is, and does it work in that regard? I can't say because I have no idea of the script's intention (or what "Normal-Service" is exactly), but I would be suspicious that it was released without that syntax error being noticed, and that would make me somewhat hesitant to trust in its shaping capabilities.

best ... khay

Well, that script was made several years ago. I'm thinking that what probably happened is the syntax in iptables may have changed slightly since then. All those iptables commands in there do is set type of service flags, which all the stuff in tc uses to prioritize packets. Reading the line, it is setting stuff in the mangle table, and it looks like the rest of the stuff in that particular table is stuff regarding normal service, so having it return if it is NOT normal service seems logical, from what I can see. It is pretty complicated, but I know iptables has changed since 2002, so that's probably all it is.

Well, that script was made several years ago. [...] It is pretty complicated, but I know iptables has changed since 2002, so that's probably all it is.

I see ... well, that's probably the case. Really, my question was: does it work as expected. The only way to find out if the 'not' is needed or ... ummm ... not, is try one and run some services with the mind to the specific shape you expect, then reverse the rule and repeat.

I would say that you're probably correct in your assumptions about 'Normal-Service', and that 'not tos normal-service' would indeed seem correct, but without running some traffic across the wire and measuring your expectations against the results then it's kind of a guess.

Anyhow ... I'm sure that's what you have in mind so I'm being superfluous :)

Unfortunately, I don't know how to test that *specific* rule...this is basically just a fair NAT setup for multiple users, to keep one user from hogging all the bandwidth, but at the same time keeping all the bandwidth available (ie, letting users borrow bandwidth from others when they are not using it). I guess all I can do is...let it run and test it. The tc rules will all work and be the same regardless of that setting...all that does is set optional type of service flags on different packets. The TOS stuff is not required for it to work, but it is supposed to make it work better.

I have seen the author of this script post in here before, but the last time I saw was in 2008. So I guess...I'll just let it run for awhile and see what happens.

! before --tos seems to be the correct solution - it may be that old iptables just understood it the same way the other way around. I think I'd have noticed if it raised a syntax error instead at the time...

And it's unmaintained, I'm sorry to say - I'm not using it myself anymore but the more down-to-earth fairnat_wrt.sh which is more of a template to write your own script, than a script of its own standing...

I'm still using the same shaping idea (one class per user), although I switched from HTB to HFSC some years back.

Sadly, with a recent kernel and iptables update, it seems to have broken again. This time there are so many errors that I don't even know where to begin.

Code:

TC HTB version 3.3
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
Illegal "quantum"

TC HTB version 3.3
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
iptables v1.4.16.3: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.9' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.9' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.10' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.10' not found
Try `iptables -h' or 'iptables --help' for more information.

I'm also contemplating replacing that with something much simpler but that still works for my purposes. The main issue I have is, I play online games (mainly WOW and Diablo 3 in that category) where latency is a huge issue. My roommate runs a small MUCK on my server also, and there are occasional torrents. We both try to rate limit upload (my ISP is kind of stupid, giving us almost 24mbit downstream but only 1mbit upstream), but sometimes there is still lag.

Anyway, this is the MUCH simpler thing I came up with. If it doesn't do the trick when there are torrents, I'm thinking about specifically classifying battle.net packets in the high priority queue.

I don't have enough experience in QoS to know if this would be as effective as the Fair NAT script, which admittedly is pretty in-depth and a little out of my league. I am currently using this, and it seems to work so far, but I haven't had a chance to test it under extreme conditions.

Well, there's the --option ! vs. ! --option thing again which you could just change.

The other problems are strange, it seems that the fairnat script fails to initialize some variables correctly for some reason (quantum is empty, and IPs end up with only the last digit). Hard to tell why that's happening. Unless bash changed in an odd way, I'd assume errors in the config file or changes you made to the script.

If you want to write your own script, but want to keep the fairnat idea, you could have a look at the fairnat_wrt.sh script. It's the manual approach where for each user you can write a function which creates qos/iptables rules for that user. It's what I am using on my openwrt router nowadays, or at least similar to it (I switched from htb to hfsc).

I actually completely restored the script to default before I did that. And the only change I made previously was the --option ! vs ! --option.

This is what I've come up with (basically trying to roll my own solution and keep it relatively simple rather than have a bunch of complex rules). I decided completely against inbound policing. I have more than sufficient downstream bandwidth...the problem is my ISP gives me a REALLY tiny amount of upstream bandwidth in relation to my downstream. Plus I have really no desire or need to limit download speeds. My main concern is latency for online games, which this seems to be doing a really good job of.

One class for SYN/RST/ACK prioritizing that is limited in the bandwidth it can use.
One class specifically for online games (equal in priority to the first class, only without a set bandwidth limit)
One class for max throughput but lower priority
A default class that can use very little upstream bandwidth (due to it being the default class torrents and things like Steam downloads should be placed here)

Any suggestions for improvement are of course welcome. This is my first foray into doing things myself rather than just using a canned script.
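An added example of the four-class upstream-only shaper described above (this is not Akaihiryuu's own script, which is not reproduced in the thread): HTB with a capped SYN/RST/ACK class, a game class that may borrow the whole uplink, a lower-priority throughput class, and a starved default class that torrents and Steam fall into. The interface, rates, fwmark numbers and ports are assumptions; `show` prints the rule set for review before `apply` touches the box.

```shell
#!/bin/sh
# Added example: upstream-only HTB shaper with the four classes from the post
# (not Akaihiryuu's script). Interface, rates, marks and ports are assumptions;
# DRY_RUN=1 prints every command instead of executing it.
WAN_IF="${WAN_IF:-eth0}"               # assumption: upstream interface
UP_KBIT="${UP_KBIT:-900}"              # assumption: ~90% of a 1 mbit uplink
GAME_PORTS="${GAME_PORTS:-3724}"       # placeholder: your game's port(s)
BULK_PORTS="${BULK_PORTS:-22,80,443}"  # assumption: interactive/server ports

run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

setup_qdisc() {
  run tc qdisc del dev "$WAN_IF" root 2>/dev/null || true
  run tc qdisc add dev "$WAN_IF" root handle 1: htb default 40
  run tc class add dev "$WAN_IF" parent 1: classid 1:1 htb rate "${UP_KBIT}kbit"
  # 1:10 SYN/RST/pure-ACK: top priority but capped, so a flood cannot starve the rest
  run tc class add dev "$WAN_IF" parent 1:1 classid 1:10 htb rate "$((UP_KBIT/10))kbit" ceil "$((UP_KBIT/4))kbit" prio 0
  # 1:20 games: same priority, allowed to borrow the whole uplink
  run tc class add dev "$WAN_IF" parent 1:1 classid 1:20 htb rate "$((UP_KBIT/5))kbit" ceil "${UP_KBIT}kbit" prio 0
  # 1:30 throughput class: lower priority, full ceil
  run tc class add dev "$WAN_IF" parent 1:1 classid 1:30 htb rate "$((UP_KBIT/2))kbit" ceil "${UP_KBIT}kbit" prio 1
  # 1:40 default (torrents, Steam): small guaranteed share, lowest priority
  run tc class add dev "$WAN_IF" parent 1:1 classid 1:40 htb rate "$((UP_KBIT/5))kbit" ceil "$((UP_KBIT/2))kbit" prio 2
  for c in 10 20 30 40; do   # fwmark N -> class 1:N, SFQ inside each leaf
    run tc filter add dev "$WAN_IF" parent 1: protocol ip handle "$c" fw flowid "1:$c"
    run tc qdisc add dev "$WAN_IF" parent "1:$c" handle "$c:" sfq perturb 10
  done
}

setup_marks() {
  run iptables -t mangle -N UPSHAPE 2>/dev/null || true
  run iptables -t mangle -F UPSHAPE
  # "-m mark --mark 0" makes the first matching rule win (MARK does not terminate)
  run iptables -t mangle -A UPSHAPE -m mark --mark 0 -p udp -m multiport --dports "$GAME_PORTS" -j MARK --set-mark 20
  run iptables -t mangle -A UPSHAPE -m mark --mark 0 -p tcp -m multiport --dports "$GAME_PORTS" -j MARK --set-mark 20
  run iptables -t mangle -A UPSHAPE -m mark --mark 0 -p tcp --syn -j MARK --set-mark 10
  run iptables -t mangle -A UPSHAPE -m mark --mark 0 -p tcp --tcp-flags RST RST -j MARK --set-mark 10
  run iptables -t mangle -A UPSHAPE -m mark --mark 0 -p tcp --tcp-flags ACK ACK -m length --length 0:64 -j MARK --set-mark 10
  run iptables -t mangle -A UPSHAPE -m mark --mark 0 -p tcp -m multiport --dports "$BULK_PORTS" -j MARK --set-mark 30
  run iptables -t mangle -D POSTROUTING -o "$WAN_IF" -j UPSHAPE 2>/dev/null || true
  run iptables -t mangle -A POSTROUTING -o "$WAN_IF" -j UPSHAPE
}

apply_shaper() { setup_qdisc; setup_marks; }

case "${1:-}" in
  apply) apply_shaper ;;          # needs root
  show)  DRY_RUN=1 apply_shaper ;; # print the rule set only
esac
```

The leaf rates (90 + 180 + 450 + 180 kbit) add up to the parent's 900 kbit, so every class has a guaranteed share and the ceils decide who may borrow idle bandwidth.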